Comment by thanksobama

Whatever has replaced the Bulk Collection of Telephony Metadata Under Section 215 of the USA PATRIOT Act informs the architecture of the Apple Push Notification, Firebase Cloud Messaging, etc. Apple owns the persistent connection to every iPhone, and only APNs can wake your app. So "self-hosting" here means running your own provider (the backend that decides what to send and hands it to APNs) instead of paying a third party like Firebase Cloud Messaging, OneSignal, or Pusher to do that for you. The last mile is never yours however. Any architecture that routes everyone's traffic through a small number of identity-aware intermediaries is, by construction, a bulk-metadata collection system waiting for a legal instrument.

[2] In December 2023 Senator Ron Wyden disclosed that the U.S. government and foreign governments had secretly compelled Google and Apple to turn over information from push notifications, including communications metadata and sometimes content. A detail that should bother any developer: app developers have no way to stop the practice if they want to send notifications on the platforms iPhones and Android rely on. Apple had been gagged from disclosing it until the program became public, after which it said it was updating its transparency reporting to detail these kinds of requests. So the architectural hypothesis isn't speculative — it's the confirmed mechanism, differing from Section 215 mainly in domain (apps vs. calls) and legal vehicle (ordinary subpoenas, FISA orders, and NSLs rather than the specific business-records theory of §215)

[1] "Its just metadata". Thanks Obama! (joking of course, no single individual is responsible for these things, it is our collective political will and its the best we can do unfortunately)

[1] https://www.youtube.com/watch?v=9iUdm0QMDM0 [2] https://epic.org/sen-wyden-reveals-government-surveillance-o...